Facebook has agreed to settle Federal Trade Commission charges that it deceived consumers by telling them they could keep their personal information private while allowing that information to be shared and made public.

The proposed settlement requires Facebook to provide consumers with clear notice and to obtain consent when sharing information beyond the guidelines established by consumers' privacy settings. As with Google and its recent privacy settlement with the FTC, Facebook has agreed to have its privacy practices audited for the next 20 years.

CEO Mark Zuckerberg, in an effort to get out in front of yet another privacy controversy, Tuesday posted a contrite blog post in which he promises to make Facebook "the leader in transparency and control around privacy."

Insisting that Facebook has "a good history of providing transparency and control over who can see your information," Zuckerberg acknowledges his company's missteps.

"I'm the first to admit that we've made a bunch of mistakes," he wrote in his post. "In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we've done."

As examples of that work, Zuckerberg cited 20 new tools and resources introduced in the past 18 months that have been designed to give users more control over the Facebook experience.

Of course it's not Facebook's good work that got the attention of the FTC. The FTC's complaint cites a series of promises about privacy that Facebook did not keep.

The broken promises include: a December 2009 website change that exposed information, such as Friends Lists, that had been designated private; Facebook's assertion that third-party apps would have only necessary information to operate, when in fact the apps had access to almost all of users' personal data; Facebook's assertion that users could restrict sharing to limited audiences, even though friends could share that information more broadly through third-party apps; Facebook's assertion that it would not share personal information with advertisers, which it nonetheless did; Facebook's claim that photos and videos from deleted accounts could not be accessed, which wasn't true; and Facebook's claim that it complied with the US-EU Safe Harbor Framework governing data transfers between the United States and Europe, with which it did not actually comply.

"Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users," said FTC chairman Jon Leibowitz in a statement. "Facebook's innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not."

Maybe. The FTC's requirements will do nothing to prevent Facebook users from sharing without considering the implications; the FTC is powerless to protect users from themselves. But the agency has prompted Facebook to create two new privacy officer positions: chief privacy officer for policy, and chief privacy officer for products.

Zuckerberg insists that these two positions will help ensure that Facebook develops products and policies with privacy in mind.

Of course, merely creating a position does not guarantee that that position will have real power to affect important corporate decisions, or even that Facebook's conception of privacy will match consumer expectations.

Google's global privacy counsel Peter Fleischer last week noted on his personal blog that European privacy laws are likely soon to be amended to require that companies have a data protection officer. "This will be a practical step forward for privacy," he notes. "But at the same time, it will be important to define what we're accountable for, internally and externally, especially in a field where the very notion of 'privacy' is highly subjective, and where the visions of what a privacy leader is supposed to do diverge dramatically, by country, by industry, and by function."

Facebook may well take privacy seriously, but like Google it also takes advertising revenue seriously. And as privacy advocate Christopher Soghoian recently noted, the business models of online advertising services are inherently in conflict with user privacy.

The Enterprise Connect conference program covers the full range of platforms, services, and applications that comprise modern communications and collaboration systems. It happens March 25-29 in Orlando, Fla. Find out more.

Welcome to
TechWeb, the IT professional's online resource for news coverage of the
information technology industry. We know technology news. Our mobile
and wireless news coverage moves as fast as wireless technology itself.
We follow all the devices you depend on to stay connected. Our software
coverage follows the multi-faceted software industry from every angle.
We've got a lock on network security and computer security issues.
We're all over the business of the Web--the Internet business--and the
engines that run it. We have our eyes and ears tuned to the players who
make and run the tools that tie us all together--Google, Microsoft,
eBay, Cisco, Yahoo, Oracle, Apple, Sony--and scores of others. And we
keep close tabs on the backbone of information technology, PC hardware.
We know PCs and Apple computers inside and out. We cover computer
technology, computer news, software news, search engine news, business
software, operating systems, and software development. Our coverage of
tech news includes a strong focus on the security business, its
attendant spyware and viruses, how security relates to wireless
technology and business networking and the security issues surrounding
RFID technology. We closely follow developments in Internet news and
Internet technology, including the spread of broadband and its effect
on Web browsers and the Web business. We watch the VoIP business, and
how VoIP technology is affecting the state of telephony in the
enterprise. And if all that isn't enough, we also track developments in
the IT industry that affect IT jobs, IT careers, and outsourcing.